During the last two months, Eric Steiner, chief information officer at accounting firm Berdon, has seen social engineering - using common acquaintances to trick people - coming into play as a way to penetrate companies' private information. Rather than spending a lot of time, money, and resources to attempt to hack into a company's email system, the thieves will simply guess employees' passwords to infiltrate the system.
"As soon as they are in, they will look at the CFO's calendar," he said. "If they see he is going to be in Cancun and will be out of the country on May 1, they may wait until May 2 and send an email from the CFO's account saying, 'I forgot to send a wire transfer to so-and-so. Can you take care of it?'" Since the request is coming from an internal email account, the employee is more likely to fall for it, Steiner said.
In addition to having an Internet security plan in place, some businesses are taking out cybersecurity insurance as another means of protection. Berdon has had a policy for the last few years, Steiner said, noting "We recognized that this was an issue to be addressed due to the type and quantity of information we have.
"The people who write these policies want to make sure you have some semblance of security," he said, adding businesses with firewall and intrusion prevention programs will likely get a better rate.
"You never want to say, 'I'm too little; nobody will come after me,'" Steiner said. "Everybody has something someone else wants."